Some basics of writing PoC scripts

What is a PoC

PoC is short for Proof of Concept. In security circles you can take it to mean a vulnerability verification program (in this tutorial, unless stated otherwise, PoC means exactly that); if you insist on telling me I am wrong, fine, I have no intention of arguing. Compared with a real application, a PoC is an incomplete program: just a piece of code that proves the author's claim. Because it is only a code snippet, I have still not seen a book on how to write a PoC; anyone who writes code would wonder why something that takes a few minutes deserves a book.

What is an Exp

Exp is short for Exploit, a program that exploits a vulnerability. The name says it all: simply put, some vulnerabilities can be made to pay off, and if you cannot make them pay off they are just words. Imagine this scenario: a target has a SQL injection vulnerability, you know about it, and you write a program that goes through that SQL injection and gets access to the target. That program is the Exp. If you never use the vulnerability, it just sits there, and as far as you are concerned it has no value.

Misconceptions about PoC / Exp

  1. "To write a PoC you must use Python."

    This sentence has poisoned a lot of people. A PoC exists for one purpose only: to prove the vulnerability. As for the form of the PoC or the language it is implemented in, use whatever you want. We recommend Python only because most of the security community uses it, so what you write will be understood by more people, and because Python is flexible and has powerful libraries, which makes the author's job much easier.

    Think of it this way: you are looking for a job and your parents recommend that you sit the civil service exam. Does that mean the civil service is the only kind of work there is?

  2. "A PoC is an Exp."

    I do not know who first said this. Strictly speaking, PoC and Exp are two different things; if you want to say they are one and the same, then pretend I said nothing. In my view a PoC is used to prove that a vulnerability exists, and an Exp is used to exploit it. In many cases we know a vulnerability exists but do not know exactly how to use it: writing the PoC is very simple, writing the Exp is a real challenge.

    The difference between a PoC and an Exp is a bit like finding that the lock on a supermarket door is faulty. Showing the owner that the lock is faulty, and using the faulty lock to steal money from the supermarket, are two different things.

What is a vulnerability range

A vulnerability range (a "firing range" for vulnerabilities) is a test machine that runs a vulnerable program. It is usually a virtual machine, though Docker works too; either way it gives you an environment where the vulnerability has already been reproduced, so you can test things against it.

When learning to write PoCs you should build your own range for testing rather than running against machines serving real business on the Internet. One reason is that security configuration in the real world is usually more complex than in a range, which makes learning harder for a beginner. But that is not the main point: the main point is that if you accidentally wreck someone's machine, who takes the blame? Are you going to take it?

The PoC writing process

We do not discuss undisclosed vulnerabilities here. For a vulnerability that has already been disclosed, the process of writing a PoC is:

  1. Find the affected version of the program from the vulnerability details.

    For a CMS, for example, you can download the corresponding historical version from the official website. If the vulnerability report does not give a specific version number, judge by the submission date of the vulnerability. Besides the official website, you can look for the source code on GitHub: official sites like to delete old versions, but with GitHub's tags, branches and releases you can get every version.

  2. Build the range for the vulnerability

    There is really nothing to this: download the source code, set up the environment in your virtual machine, and along the way pick up a little superficial knowledge of operations.

  3. Reproduce the vulnerability by hand

    Following the vulnerability details, go through the whole process manually and get familiar with the conditions of the reproduction: is the request a GET or a POST, is a login needed, what does the returned page look like, what different results do I see when I submit different parameters, and what result appears if the vulnerability does not exist?

    Once you are familiar with all this, the coding that follows is a matter of minutes; as we said at the start, a PoC is a small piece of code.

  4. Write the code

    After reproducing the vulnerability by hand, analyse each step that proves the vulnerability and write code for it step by step according to what you actually tested. In my words: writing the code is simulating every manual step with a program. If you did the previous step seriously, this step is only a matter of experience, and this tutorial will build up that experience later on.

  5. Test the PoC

    Testing and coding basically happen at the same time, so why list testing separately? Because when we write a PoC we must test our code not only against a target that has the vulnerability but also against sites that do not have it. A common acceptance requirement for a good PoC is: run it against 10,000 targets, and it must not produce more than 10 false positives.

PoC and PoC frameworks

A PoC framework is a program that manages and schedules PoCs in batches. Because it schedules in batches, it requires PoCs to follow some conventions when they are written. The common ones are:

  1. Entry point convention

    Since PoCs are scheduled in batches, it is very convenient for the framework if every PoC exposes the same entry point. Which entry point is required depends on the framework; it will be documented, so look it up.

  2. API convention

    The framework wraps some libraries into its own API, for example the network request tools it provides. What are these wrappers good for? Take a scan as an example: 1000 PoCs are run against a target host, and suppose some of the scanning tasks need a login. Some PoC authors forget to accept a user-supplied Cookie when writing their PoC, so the requests from those PoCs fail because no Cookie is sent. Under a framework, even when the author forgot to add those fields, the framework automatically adds the Cookie to the request, which is a great convenience for PoC developers.
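Both conventions above in one small framework, as an added example that is not from the original post and does not reproduce any real framework's API: a `POCBase` class with `run(target)` as the single entry point the scheduler calls, and an `HttpClient` request tool that attaches the scan-wide Cookie and User-Agent to every request. The `AdminExportPoC` class, its `/admin/export` endpoint, the `session=abc` cookie and the `fake_transport` target are all hypothetical, constructed so the batch runs offline; the PoC deliberately never mentions cookies, which is exactly the case the text describes.

```python
"""Added example, not from the original post and not any real framework's API:
a minimal PoC framework showing a unified entry point and framework-supplied
request tools that add shared headers the PoC author may have forgotten."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Type

# Transport: (url, headers) -> body. A real framework would wrap requests or
# urllib here; it is injectable so the example can run offline against a fake target.
Transport = Callable[[str, Dict[str, str]], str]


@dataclass
class Options:
    """Scan-wide settings supplied once (e.g. on the command line), not per PoC."""
    cookie: str = ""
    user_agent: str = "poc-framework-demo/0.1"


class HttpClient:
    """API convention: the request tool the framework hands to every PoC.
    Shared headers (Cookie, User-Agent) are added on every request, so a PoC
    whose author forgot to accept a user-supplied Cookie still works on
    targets that need a login session."""

    def __init__(self, options: Options, transport: Transport) -> None:
        self.options = options
        self.transport = transport

    def get(self, url: str, headers: Optional[Dict[str, str]] = None) -> str:
        merged = {"User-Agent": self.options.user_agent}
        if self.options.cookie:
            merged["Cookie"] = self.options.cookie
        if headers:
            merged.update(headers)  # a PoC's own headers still take priority
        return self.transport(url, merged)


class POCBase:
    """Entry point convention: the scheduler only ever calls run(target);
    each PoC implements verify(target) and nothing else."""
    name = "unnamed"

    def __init__(self, http: HttpClient) -> None:
        self.http = http

    def verify(self, target: str) -> bool:
        raise NotImplementedError

    def run(self, target: str) -> dict:
        try:
            return {"poc": self.name, "target": target, "vulnerable": self.verify(target), "error": None}
        except Exception as exc:  # one broken PoC must not abort a batch of 1000
            return {"poc": self.name, "target": target, "vulnerable": False, "error": repr(exc)}


class AdminExportPoC(POCBase):
    """Hypothetical PoC: an authenticated admin export endpoint leaks user data.
    It never mentions cookies; the framework's HttpClient adds them."""
    name = "hypothetical-admin-export"

    def verify(self, target: str) -> bool:
        body = self.http.get(target.rstrip("/") + "/admin/export")
        return "BEGIN USER EXPORT" in body


def schedule(pocs: List[Type[POCBase]], targets: List[str],
             options: Options, transport: Transport) -> List[dict]:
    """Batch scheduling: every PoC against every target through one shared client."""
    http = HttpClient(options, transport)
    return [poc(http).run(target) for target in targets for poc in pocs]


def fake_transport(url: str, headers: Dict[str, str]) -> str:
    """Constructed target: /admin/export only answers with a valid session cookie."""
    if url.endswith("/admin/export"):
        if headers.get("Cookie") == "session=abc":
            return "BEGIN USER EXPORT\nalice,admin\nbob,user\n"
        return "<h1>Please log in</h1>"
    return "<h1>Home</h1>"


if __name__ == "__main__":
    # With the session cookie the PoC fires; without it the same PoC reports nothing.
    for opts in (Options(cookie="session=abc"), Options()):
        for result in schedule([AdminExportPoC], ["http://range.test"], opts, fake_transport):
            print(result)
```

Because `run()` catches exceptions and returns a result record instead of raising, a PoC that crashes on one host is reported as an error for that host and the rest of the batch continues; a scheduler that lets one of 1000 PoCs abort the whole scan is not usable in practice.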


Source: www.cnblogs.com/rab3it/p/11610501.html